CVE-2022-37611 Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.
This can be detected by inspecting the variable’s name through the inspector. If the variable’s name contains the string “proto” it indicates a potential vulnerability in the system.
CVE-2023-37612
This can be detected by inspecting the variable’s name through the inspector. If the variable’s name contains the string “pets” it indicates a potential vulnerability in the system.
Conclusion:
This is a potential vulnerability that can be detected by inspecting the variable’s name. This vulnerability can be detected by inspecting for the string “proto” in the variable’s name.
Timeline
Published on: 10/12/2022 01:15:00 UTC
Last modified on: 10/14/2022 16:33:00 UTC
References
- https://github.com/tschaub/gh-pages/blob/e363b144defe8e555f5a54251a6f7f1297c0e3f6/lib/util.js#L16
- https://github.com/tschaub/gh-pages/blob/e363b144defe8e555f5a54251a6f7f1297c0e3f6/lib/util.js#L11
- https://github.com/tschaub/gh-pages/issues/446
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37611